
On June 30, 2018, the cybersecurity news site Bleeping Computer revealed a new form of “cryptojacking” involving a simple piece of Windows Clipboard-based software that has affected millions of cryptocurrency users.

Ctrl C + Ctrl V

Cryptocurrency addresses are impossible to remember easily, especially if a person has multiple alphanumeric string addresses in their wallet. During transactions, a user may copy their address from a file stored on their computer and paste it online into a wallet or exchange. However, a group of attackers has identified this habit and created malware to exploit such users.

Called “CryptoCurrency Clipboard Hijackers,” the malware monitors a victim's computer for cryptocurrency addresses saved on the Windows Clipboard and, when it detects one, swaps the address with one the attackers control.

Compared to other types of malware, the Clipboard hack is reasonably easy to circumvent, as a person can double-check the pasted address, notice the error, and cancel the transaction.

2.3 Million Users Affected

Such malicious Clipboard-based software is not a wholly new attack; earlier variants have affected a few hundred thousand computers at most. In comparison, the CryptoCurrency Clipboard Hijacker has affected a staggering 2.3 million cryptocurrency addresses, according to estimates.


As stated, the malware runs as a Dynamic-Link Library (DLL) and downloads a file named d3dx11_31.dll to the victim’s Windows Temp folder. Subsequently, an autorun entry called “DirectX 11” is triggered when the user logs into the computer and automatically runs the command “rundll32 C:\Users\[username]\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded”.
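The autorun command above has a recognizable shape that a defender can check for: rundll32 loading a DLL out of a Temp folder at logon. The following is an added example, not code from the article or from Bleeping Computer; the sample autorun entries (including the username "alice"), the function name and the `Finding` type are constructed for illustration.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    name: str       # autorun entry name
    dll_path: str   # DLL handed to rundll32
    export: str     # exported function rundll32 is told to call

# Matches: rundll32[.exe] <dll path, quoted or bare>,<export>
RUNDLL = re.compile(r'''
    \brundll32(?:\.exe)?"?\s+      # the loader, bare or as the tail of a quoted path
    "?(?P<dll>[^",]+?\.dll)"?      # DLL path, optionally quoted
    \s*,\s*(?P<export>[^\s"]+)     # export name after the comma
''', re.I | re.X)

# Temp locations where a DLL loaded at logon deserves a closer look.
TEMP_DIR = re.compile(r'(?i)\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|%TE?MP%')

# Constructed sample data: (entry name, command line) pairs as an autorun listing would show them.
SAMPLE_AUTORUNS = [
    ("DirectX 11",
     r"rundll32 C:\Users\alice\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded"),
    ("VendorHelper",
     r'"C:\Windows\System32\rundll32.exe" "C:\Program Files\Vendor\helper.dll",Start'),
    ("OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
]

def suspicious_autoruns(entries):
    """Return a Finding for every autorun that has rundll32 load a DLL from a Temp folder."""
    findings = []
    for name, command in entries:
        m = RUNDLL.search(command)
        if m and TEMP_DIR.search(m.group("dll")):
            findings.append(Finding(name, m.group("dll"), m.group("export")))
    return findings

if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_AUTORUNS):
        print(f"[!] {f.name}: rundll32 loads {f.dll_path} (export {f.export})")
```

A legitimately installed DLL launched through rundll32 from Program Files is not flagged; only the Temp-folder location combined with the rundll32 launch is treated as the signal.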

Protective Measures

Cryptocurrency adoption is driven mainly by its use as a speculative vehicle rather than as a means of payment or a robust store of value. As a result, users trust cryptocurrency exchanges with their funds and do not exercise essential security practices, which gives nefarious characters several opportunities to exploit vulnerabilities, ranging from hacking associated email accounts to installing illicit mining software.

While most malware runs in the background with no indication of its existence, updated antivirus software, a brief check of RAM at regular intervals, and other necessary security measures can protect users for good. Double-checking addresses is another healthy way to spot potentially spoofed entries.
